AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
Created awstats tracking bugs for this issue:
Affects: epel-all [bug 2150634]
Affects: fedora-all [bug 2150633]
It appears this is the fix: https://github.com/eldy/AWStats/pull/226
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
FEDORA-EPEL-2023-d3f150fc4d has been pushed to the Fedora EPEL 8 stable repository. If the problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2023-ae31777788 has been pushed to the Fedora EPEL 9 stable repository. If the problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2023-f91d2e3281 has been pushed to the Fedora EPEL 7 stable repository. If the problem still persists, please make note of it in this bug report.